Main navigation

Android non-revocable permissions and "old applications": consequences for you control

The latest version of Protektoid (2.3.0) better integrates the concepts of non-revocable permissions and "old applications", to ease the management of your privacy.

The "old applications"

When we develop an Android app, we have to specify which Sdk the application targets. This is the targetSdkVersion attribute of the application manifest. This is not a simple question as impacts may be important, for instance when considering the security setup of the application and the associated user interactions.

Indeed and as applications before marshmallow had their permissions granted at-install, any app with targetSdkVersion <= 22 follows the "granted-at-install" logic, even if users are relying on a more recent version of Android (Marhsmallow and above). Obviously, users with Marhsmallow can disable permissions of such apps. But this breaks the security model of these apps, as shows the warning message when users try to do so.

And then, what are the consequences? Android has a bug on this specific subject, which we reported but got flagged as "won't fix": it is programmatically impossible for a non-system app (such as Protektoid) to know if a permission of an app which target an old Android version is disabled or not. We thus decided to deal with this matter through the concept of "old app". Let's hope that this issue auto-disappears with updates made by the app developers and the update of the Android version they target.

Impacts on the "applications" pages

Thought we already handled this matter before, we enhanced Protektoid user interface, as shown the new icons and dialogs in the following screenshots:

For tablets

For phones

Display on the configuration dialog of a permission

Permissions of "old applications" can still be disabled, but you have to do it in two steps: first disable them, then tell it to Protektoid. We thus added a better explanation. A specific icon (orange lock) also let you quickly spot these permissions.

Non-revocables permissions

Native non-revocables permissions are another case to consider: to make it simple, some permissions can not be disabled. This is for instance the case of "Network" and "Bluetooth". In current version of Protektoid Community, we only deal with Android defined non-revocables permissions. Other non-revocables permissions, OEM based, will be handled in a near future.

To let you deal with such permissions in the best way, we flagged them as permanent permissions and a specific icon (a red lock) let you quickly spot them.

Impacts on the permission configuration

As these non-revocable permissions can not be disabled (hence the name), Protektoid deals with them as if you were relying on an old Sdk: you can either trust them or flag them as "I don't like"!

Conclusion

Thanks for reading all this post. We hope you liked it and that you will love these enhancements of the Protektoid Community app.